University of Minnesota
Machine Architecture and Organization (sec 010)

CSCI 2021 lab0x6


Examining Memory with GDB

Like the previous lab, this lab focuses on debugging a simpler version of the binary bomb (hands-on assignment 3). This will all be done using the GDB debugger, which lets you step through the code line by line, print out the contents of variables and registers, and set breakpoints in the program. The "bomb" works by reading your input from a text file. You will type your input(s) for each "phase" on separate lines in the provided text file, input.txt. You can then run the executable "puzzle" against your input using the command:

./puzzle input.txt

This will most likely provide less than satisfactory results until some debugging is done on the executable to try and decode the correct inputs. This will be done using GDB.


GDB: Debugging memory

Review lab0x5 for GDB basics. Here we introduce watchpoints. Watchpoints are very similar to breakpoints, but they trigger when the value of an expression or memory location changes, rather than when execution reaches a particular instruction. The puzzles in this lab are labeled p1, p2, and p3. They involve data structures allocated on the stack, so keep that in mind when you're reading the assembly (now is a good time to review the rsp and rbp registers).

Creating Watchpoints

If debugging symbols are available you can set watchpoints on variable names directly. If all you have is the binary, you can put watchpoints on registers or raw memory addresses. The -l flag instructs GDB to track the memory address rather than the expression itself.

(gdb) watch [-l] EXPRESSION

(gdb) watch [-l] *ADDRESS

Some examples:

(gdb) watch node->data[0]

(gdb) watch $rax - 0x10

(gdb) watch -l *0x7fffffffdc40

Removing Watchpoints

(gdb) delete N (where N is the watchpoint's number id)

(gdb) delete (with no argument, deletes all of the breakpoints and watchpoints)

Once the watchpoint has been reached, you can step one instruction at a time using the si (step instruction) command:

(gdb) si

Or you may want to resume execution until the next time the memory address changes with the continue command:

(gdb) continue

continue advances the program until it hits another watchpoint or breakpoint. For the authoritative source, read the gdb documentation:

https://sourceware.org/gdb/onlinedocs/gdb/Set-Watchpoints.html
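
An added example, not part of the original lab or the course's code: a small constructed program whose stack-allocated record is silently overwritten, with the watchpoint commands from this section listed in the leading comment. The names demo.c, struct record, set_tag and run_demo are assumptions made for illustration.

```c
/* demo.c (constructed). Build and debug:
 *   gcc -g -O0 demo.c -o demo
 *   gdb ./demo
 *   (gdb) break run_demo
 *   (gdb) run
 *   (gdb) next                  repeat until rec.count = -1 has executed
 *   (gdb) watch -l rec.count
 *   (gdb) continue              stops when the bytes of rec.count change
 *   (gdb) bt                    shows which call chain did the write
 */
#include <stddef.h>
#include <string.h>

/* A fixed buffer immediately followed by a field we care about. */
struct record {
    char tag[8];
    int  count;
};

/* Copies src and its terminating NUL into r->tag.
 * BUG (deliberate): the check uses <=, so an 8-character tag puts its
 * NUL one byte past tag[], into the first byte of count. */
static void set_tag(struct record *r, const char *src)
{
    unsigned char *base = (unsigned char *)r;  /* byte view of the record */
    size_t n = strlen(src);

    if (n <= sizeof r->tag)                    /* should be n < sizeof r->tag */
        memcpy(base + offsetof(struct record, tag), src, n + 1);
}

/* Returns count after tagging; the caller expects it to still be -1. */
int run_demo(const char *tag)
{
    struct record rec;                         /* allocated on the stack */

    memset(&rec, 0, sizeof rec);
    rec.count = -1;
    set_tag(&rec, tag);
    return rec.count;
}

int main(void)
{
    /* Exit status 1 means count was clobbered by the 8-character tag. */
    return run_demo("ABCDEFGH") == -1 ? 0 : 1;
}
```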


Warmup: source-level GDB

A more realistic code example called warmup is also provided. There is a segfault somewhere in the program. You may be able to find it by inspection, but also experiment with setting watchpoints and exploring the data structures. On that note, play with the

(gdb) explore EXPRESSION

command. For more details about explore, read the documentation:

https://sourceware.org/gdb/current/onlinedocs/gdb/Data.html

(NOTE: I observe this to hang gdb if a layout is active).

Completing The Lab

To get the puzzle program to use in lab, run the command:

cp /web/classes/Fall-2018/csci2021-010/labs/0x6/{puzzle,input.txt,warmup} .

The program itself will take a .txt file named "input.txt" as an argument. You will have to debug the program to find the solutions to each phase and place those solutions into the input file.

When you input your solutions in the text file, make sure you do it one line at a time, with no extra spaces at the end of the line, or the file could be misread. If you figure out all of the solutions and receive the final output of the puzzle program, you have completed the lab and are on your way to debugging the fabled binary bomb.